Site Navigation

Site Mobile Navigation

Silicon Valley's Spy Game

Gilman Louie is one of the most successful computer-game developers of all time. ''I'm your classic entrepreneur,'' he told me recently. ''I started my first business with my fraternity brothers at San Francisco State.'' Louie, an amateur fighter pilot, had his first big success in 1987 with a game called Falcon, which allowed players to simulate the flight of an F-16. Falcon sold millions of copies, not only to teenage boys but also to pilots in the United States Air Force, who found it so realistic that it helped them learn to fly real fighter jets. Louie's biggest success came in 1988, when he imported from the Soviet Union an unexpectedly addictive game called Tetris, which became the best-selling computer game ever. ''Between Nintendo sales and PC sales, 70 or 80 million copies of that game sold,'' Louie says. ''We even found out that Hillary Clinton loved playing Tetris on the Game Boy.''

Lots of companies were impressed by Louie's success, including Hasbro, which put him in charge of creating its games Web site. And then in 1998, Louie was recruited by an even more powerful employer: the Central Intelligence Agency. ''The C.I.A. actually thought that my computer-game background was a valuable asset,'' Louie recalls. ''I look at the world as one big system -- one big game.''

The C.I.A. had just founded an unusual venture-capital firm called In-Q-Tel, and the agency wanted Louie to be the C.E.O. ''The 'Q' stands for the 'Q' factor -- it's named after the character in James Bond,'' says Louie. In-Q-Tel was the brainchild of George Tenet, the C.I.A. director, who believed that by investing $30 million a year in Internet startups in Silicon Valley, the C.I.A. could encourage the development of cutting-edge technologies that might be useful for national intelligence. Louie's marching orders were to provide venture capital for data-mining technologies that would allow the C.I.A. to monitor and profile potential terrorists as closely and carefully as Amazon monitors and profiles potential customers.

The valley has long indulged its own antiestablishment mythology -- rebellious, libertarian hackers in their parents' garages, bucking the system by inventing world-changing, personally empowering technologies -- and Louie was worried that persuading programmers to collaborate with the C.I.A. would be ''borderline ludicrous.'' Despite his doubts, Louie agreed to open one In-Q-Tel office in Menlo Park, Calif., and another near Washington. He quickly discovered that far from recoiling at the idea of working with the C.I.A., Internet entrepreneurs flocked to his door. The chance to play with the government's cool toys trumped their fears of Big Brother.

After the dot-com crash, Silicon Valley, desperate for venture capital, began to depend more and more on the federal government. Then came Sept. 11, and the establishment of the Office of Homeland Security. In-Q-Tel now finds itself just one of several deep-pocketed federally financed investors that are eager to back technological solutions to our new security challenges. The Bush administration is asking Congress for $38 billion for homeland security, and much of this money will be parceled out among competing federal agencies -- including the Defense Department and the F.B.I. -- which can then use the money either to invest directly in security technologies or to follow In-Q-Tel's model of providing venture capital to young companies in the private sector. Like the C.I.A., the Office of Homeland Security has concluded that the same technologies that were useful before Sept. 11 for tracking, profiling and targeting potential customers can be turned today on potential terrorists. In the wake of the bursting of the tech bubble and in the thick of the war on terrorism, Silicon Valley is reinventing itself as the new headquarters for the military-technological complex.

As always, the entrepreneurs are following the money. In January, this led them to Las Vegas for the Consumer Electronics Show, the largest trade show of futuristic gadgets in North America. After Sept.11, the conference organizers decided to sponsor a special exhibition hall at the Riviera Hotel for technologies that are especially well suited to homeland defense. That old familiar gold-rush feeling was in the air at the Riviera: one speaker estimated that federal spending on security technologies would grow by 30 percent a year, rising to $62 billion by 2006. (''God bless America'' read the PowerPoint slide, over an image of firefighters raising the flag.) In the buzzing exhibition hall, participants admired a hologram of the Statue of Liberty, as well as a man in a gigantic thumbprint costume, who had been hired by a company called DigitalPersona to advertise its fingerprint-recognition device.

After displaying their wares, the technologists flocked to an In-Q-Tel reception near the exhibition hall, trolling for federal investors from the C.I.A., F.B.I. and Defense Department. ''All we served was pot-stickers and 7-Up,'' Louie recalls, ''but people didn't want to leave.''

In Las Vegas, several companies predicted that profiling techniques that are now used to detect credit-card fraud could soon be used to detect potential terrorists. A few weeks later, this prediction turned out to be a reality, when The Washington Post reported that the federal aviation authorities and two technology companies called Accenture and HNC Software are planning to test at airports a profiling system designed to analyze each passenger's living arrangements, travel and real-estate history, along with a great deal of demographic, financial and other personal information. Using data-mining and predictive software, the government then plans to assign each passenger a ''threat index'' based on his or her resemblance to a terrorist profile. Passengers with high threat indexes will be flagged as medium or high risks and will be taken aside for special searches and questioning.

Our system ''will check your associates,'' Brett Ogilvie of Accenture told Business Week. ''It will ask if you have made international phone calls to Afghanistan, taken flying lessons or purchased 1,000 pounds of fertilizer.'' The only problem: in order for the system to obtain answers to those questions, the nation's privacy laws will need to be relaxed. Federal laws currently restrict the personally identifiable information that the government can demand from credit-card and phone companies except as part of a specific investigation.

When I called Brett Ogilvie to ask what data Accenture proposes to analyze, his spokeswoman, Stacey Jones, said that she couldn't reveal that information: it's a trade secret. ''Anyone who is interested in beating the system can, once we start divulging what the systems are,'' she explained. I said that I wasn't interested in the specific profiling factors; I only wanted to know whether Accenture proposed to include information in its database that the government isn't now permitted to examine. But Jones stuck to her script: ''National security and client confidentiality prohibits us from divulging what the factors are.''

Accenture's profiling scheme is open to question not only because it would almost certainly violate the privacy rights of airline passengers, but also because it seems unlikely to work. Investigators will tell you that people who commit credit-card fraud often fit a consistent profile -- using the stolen card to buy gas at self-service stations, for example, and then using it to buy clothes. By contrast, terrorists don't fit a consistent profile: you're looking for a needle in a haystack, but the color and the shape of the needle keep changing. Mohamed Atta might have been kept out of the country if immigration officials had been aware that there was a warrant for his arrest in Broward County, Florida. But Accenture's profiling system is not designed to check passengers against a watch list of suspected criminals or terrorists. Instead it is designed to compare the purchasing activities and personal behavior of millions of passengers with those exhibited in the past by a tiny group of terrorists -- to create a predictive profile of likely hijackers.

Lawrence Lessig, who teaches law at Stanford and is the nation's leading authority on the law and architecture of cyberspace, argues that the Accenture system is unworkable. ''I can understand these massive data systems to deal with things like stealing from the government or not paying your taxes -- systematic repetitive large-scale deviations from the law,'' he says. ''The problem I really have with the terrorism stuff is, do we have any good reason to believe we could ever predict this type of behavior?'' Because the sample of known terrorists is so small, Lessig says, the profiles are bound to be inaccurate.

The entrepreneurs of Silicon Valley are undaunted by questions about whether it makes sense to profile terrorists the way they profile e-business consumers; they haven't been so enthusiastic about a race to innovate since the height of the dot-com bubble. In the glory days of the late 90's, Silicon Valley was consumed by the search for the ''killer app,'' the software application that was just so cool and effective that everyone had to buy it. After Sept. 11, the consensus in the valley is that the national-security ''killer app'' will allow government agencies to access and share information about Americans that is currently stored in different databases -- from your chat-room gossip to your shopping history to your parking tickets, and perhaps even the payment history for your child-support checks.

''Today, every federal intelligence and law-enforcement agency and all manner of state and local bodies maintain their own separate databases on suspected criminals,'' Larry Ellison, the founder and C.E.O. of Oracle Corporation, wrote in The Wall Street Journal last October. ''Do we need more databases? No, just the opposite. The biggest problem today is that we have too many. The single thing we could do to make life tougher for terrorists would be to ensure that all the information in myriad government databases was integrated into a single national file.'' Oracle, in fact, is the world's largest database manufacturer, and Ellison offered to donate the software for a single national database free of charge to the United States government. (The company, Ellison added, would charge for upgrades and maintenance.)

Oracle's office in Reston, Va., is near the headquarters of the C.I.A., which is appropriate enough: when Larry Ellison founded the company 25 years ago, his first client was the C.I.A., to whom he sold a program called Oracle, the world's first ''relational'' database. At that time, information in computer databases was stored in unrelated files: a company like Ford, for example, could keep one file of its employees and another file of its departments, but it had no easy way of relating the two files. Ellison saw the commercial potential of the relational database and began marketing it in 1979. By the height of the dot-com boom in 2000, Ellison's net worth had soared to $80 billion, making him (briefly) the richest person in the world.

When I visited Oracle in January, the security guard in the lobby gave me a high-tech ID badge that could track where I was in the building at all times. I was ushered upstairs to a bright conference room where seven people were sitting around a huge oval table. One of them, David Carey, turned out to be the former No. 3 man at the C.I.A.; he had just retired as executive director after 32 years with the agency. Carey joined Oracle to head its new Information Assurance Center, which was founded in November to design homeland-security and disaster-recovery solutions and market them to the federal government.

Like his colleagues, Carey was in an expansive mood. He said that the United States government accounted for 23 percent of Oracle's multibillion-dollar licensing revenue last year and that he expected the federal side of the business to improve after Sept. 11. ''How do you say this without sounding callous?'' he asked. ''In some ways, Sept. 11 made business a bit easier. Previous to Sept. 11, you pretty much had to hype the threat and the problem.'' Carey said that last summer, leaders in the public and private sector wouldn't sit still for a briefing. Then his face brightened. ''Now they clamor for it!'' After Sept. 11, Carey and Ellison held a series of top-level meetings in Washington about the use of Oracle technology for homeland security. ''In November, Larry had a serious discussion with Vice President Cheney, and I met with Ridge, Ashcroft and Mueller,'' Carey says, referring to the director of the Office of Homeland Security, the attorney general and the director of the F.B.I.

I asked to see an example of Oracle's new homeland-security technology, and I was ushered into a demonstration hall outside the conference room that looked like something out of the last ''Star Wars'' movie. ''I'll give you an overview of 'Leaders,''' said Brian Jones, then the head of Oracle's health-care consulting unit. ''It stands for Lightweight Epidemiology Advanced Detection and Emergency Response System.'' By collecting health-care information from hospital emergency rooms across the country, Leaders is designed to monitor outbreaks of suspicious diseases and provide early warnings for biological attacks.

At 9:20 a.m. on Sept. 11, Jones had received a phone call from the Centers for Disease Control in Atlanta, which feared that the attack on the twin towers might be followed by a bioterrorism attack. Working for 10 straight hours, Jones put into his computer the address of every hospital in New York State, to detect unusual disease outbreaks, like smallpox. ''Every hospital was capable of submitting data to a repository,'' he explained. ''The Centers for Disease Control's experts could sit back in Atlanta and pull up a map just like I'm showing you here.'' Jones punched a key and a digital map of New York City appeared on the screen. Using a combination of 7,500 digital photographs and architectural plans of more than 6,000 miles of underground pipes, Oracle has created a detailed map of every building, sewer and water line and curb in the city. By the evening of Sept. 11, Jones was ready to monitor every emergency-room bed in the state.

Oracle is now working with the federal government to apply the same surveillance system to hospitals throughout the country. The system would allow hospitals to report incidents of suspicious diseases like anthrax, smallpox and Ebola to a central database. The program can then send out e-mail or voice-mail alerts to law-enforcement officials if it detects suspicious patterns of diseases anywhere in the country. Steve Cooperman, Oracle's new director of homeland security, said, ''We're going to build a bioterrorism shield, so eventually everyone is going to have to participate -- every hospital, every clinic, every lab.''

The prospect of every hospital in America reporting your medical condition to a central Oracle database might cause some patients alarm. (Oracle insists that the information can be stored in ways that can't be linked to individual patients.) The same potential for invasions of privacy is raised by Larry Ellison's proposal to centralize all of the separate criminal databases run by federal and state authorities into a single national database. After we filed back into the conference room, David Carey explained that Oracle is already discussing with various federal agencies methods of sharing information that are currently restricted by law.

''We think of it as a triangle,'' said Tim Hoechst, a senior vice president for technology at Oracle, holding up a Dorito. ''At one corner is privacy, at one corner is assurance of security -- how safe is the data -- and at another corner is usability. It's all a matter of trade-offs. What we focus on is making the Dorito here, and putting you in any corner that you feel comfortable with. On Sept. 12, most Americans would say, Privacy out the window; go catch the folks. So we would have moved it all the way to usability. But maybe day to day, we move it a little bit more toward security.''

As the databases are consolidated, I asked, who should decide the proper balance between privacy and access? How do you avoid a situation in which someone could be kept off a plane because he had skipped jury duty or had an overdue parking ticket? A hush fell over the room, and people looked awkwardly at their sandwiches.

Finally Hoechst spoke up. ''You'll notice that we all became suspiciously quiet when we started talking about policy questions,'' he said. ''At Oracle, we leave that to our customers to decide. We become a little stymied when we start talking about the 'should wes' and the 'whys' and the 'hows,' because it's not our expertise.''

The Tom Lehrer song about the Nazi rocket scientist who defected to America popped into my head: ''Once ze rockets are up, who cares where they come down?/That's not my department,' says Wernher von Braun.''

''I expect that if you ask Larry Ellison the question he'd give you a much better answer,'' one of Hoechst's associates chimed in. Hoechst agreed. ''My experience with him is that he knows an extraordinary amount about a lot of things. Every time I think I know something, he knows much more. He's read more books on it.''

An error has occurred. Please try again later.

You are already subscribed to this email.

So I set off for Silicon Valley to meet Larry Ellison. The Oracle campus near the San Francisco airport is known as the Emerald City, for its artificial lakes and silo-shaped towers of glass and silver. Ellison's private palace, however, is a $30 million mansion in nearby Atherton, modeled on the Katsura Imperial Villa in Kyoto. I was checked in there by two bodyguards with dark shirts and dark tans and escorted into the house to wait. The living room was large and airy, with lots of blond wood and shoji screens. It overlooked a beautiful Japanese garden, where ducks swam and waterfalls shimmered.

Ellison appeared a few minutes later from behind one of the screens, wearing a pressed charcoal suit over a black turtleneck. He appeared fit and tanned, with piercing hazel eyes and a trimmed beard slightly flecked with gray. He suggested that we talk in the garden, but the loud whine of a neighbor's mulcher made this impossible. (In Silicon Valley, even $30 million doesn't buy you quiet.) Defeated by the noise, we retreated to the dining room, with its high-backed black lacquer chairs and black lacquer table.

Ellison is not a shy or enigmatic billionaire. He is entertainingly indiscreet -- he answered every question with a torrent of confident opinions. ''The Oracle database is used to keep track of basically everything,'' he said. ''The information about your banks, your checking balance, your savings balance is stored in an Oracle database. Your airline reservation is stored in an Oracle database. What books you bought on Amazon is stored in an Oracle database. Your profile on Yahoo is stored in an Oracle database.'' Much of the information in these separate commercial databases is also centralized in large databases maintained by credit-card companies like TRW to detect fraud and to decide whether customers should get credit at the mall.

When it comes to government data, by contrast, there are hundreds of separate, disconnected databases. ''The huge problem is the fragmented data,'' he said. ''We knew Mohamed Atta was wanted. It's just that we didn't check the right database when he came into the country.'' Ellison wants to consolidate the hundreds of separate state and federal databases into a single Oracle database, using the centralized credit-card databases as a model. ''We already have this large centralized database to keep track of where you work, how much you earn, where your kids go to school, were you late on your last mortgage payment, when's the last time you got a raise,'' he said. ''Well, my God, there are hundreds of places we have to look to see if you're a security risk.'' He dismissed the risks of privacy violations: ''I really don't understand. Central databases already exist. Privacy is already gone.''

As Ellison spoke, it occurred to me that he was proposing to reconstruct America's national security strategy along the lines of Oracle's business model. When Oracle moved its business to the Internet in 1995, Ellison complained that its customer information was scattered across hundreds of separate databases, which meant that the German office couldn't share information about customers with the French office. By consolidating 130 separate databases into a single database on the Internet, Ellison said, Oracle saved a billion dollars a year and found it easier to track, monitor and discriminate among its customers. This was what Ellison now wanted to do for America.

I asked if there would be any controls on access to the database. For example, would Ellison want people to be kept off a plane because they were late on their alimony payments?

''Oh, no, I don't think we would keep anyone off on alimony payments,'' Ellison said. ''But if the system designed to catch terrorists also catches mere bank robbers and deadbeat dads, that's O.K. I think that's a good thing. I don't think it's a bad thing.''

There are, at the moment, legal restrictions prohibiting the sharing of data by government agencies. The most important restriction was passed in 1974, to prevent President Nixon from ordering dragnet surveillance of Vietnam protesters and searching for their youthful marijuana arrests. I asked Ellison whether these legal restrictions should be relaxed. ''Oh, absolutely,'' he said. ''I mean absolutely. The prohibitions are absurd. It's this fear of an all-too-powerful government rising up and snatching away our liberties.'' Since Sept. 11, Ellison argued, those qualms no longer make any sense: ''It's our lives that are at risk, not our liberties,'' he said.

Ellison proposes to link the central government database to a system of digital identification cards that would be optional for citizens but mandatory for aliens. He wants each card holder to provide a thumbprint or iris scan that would be stored in the central database. I recalled that Lawrence Lessig of Stanford Law School had explained to me that a national fingerprint database was probably the most invasive of all possible designs for an identification system, because it would allow the government to dust for fingerprints in a nightclub or a protest scene and identify everyone who was there. I asked Ellison why the government couldn't minimize these privacy concerns by storing the fingerprint on the ID card.

Ellison dismissed the suggestion. ''Everyone's got this amorphous idea that the government will somehow misuse this,'' he said, ''but no one has given me a substantive example of what will happen that's bad.''

I tried again. What about the centralized storage of health information, as Oracle was proposing to do with the Leaders system. Would Ellison want government officials to have access to personally identifiable genetic information?

''I feel like Alice has fallen through the looking glass,'' Ellison said. His voice rose; he was starting to get a little testy. ''Does this other database bother you here? We can't touch that database because I won't be able to use my credit card. Like, I won't be able to go to the mall!'' He took on the voice of Sean Penn's stoner from ''Fast Times at Ridgemont High.'' ''Like, that's really disturbing. Like, don't mess with my mall experience. O.K., so people have to die over here without this, but that's not going to affect my experience going to the mall.'' He exhaled, and in his regular billionaire voice asked, ''I mean, what the hell is going on?''

Ellison said he was late for an appointment at Intel and started to make motions to leave. I tried one more question. Were there no differences between Oracle and the United States government, I asked, that should make us hesitate before centralizing all of our national databases using Oracle as a model?

''From the information-science standpoint, there's no difference at all,'' he replied. ''These central databases are cheaper and better and they solve all these problems. We can manage credit risks that way. We should be managing security risks in exactly the same way.''

It's not surprising, of course, that Larry Ellison sincerely believes that what's good for Oracle is good for America. But there are, in fact, differences between an e-business and the American government, differences that perhaps should make us hesitate before reconstructing America along the business model of the Oracle Corporation.

''Depending on how these technologies are designed, they can respect traditional values of liberty or not,'' says Lawrence Lessig, ''and whether they do depends on the values that drive the designers and the institutions we build to check the design.'' Although Lessig's path-breaking book ''Code and Other Laws of Cyberspace'' argues that it's possible to design technologies that protect privacy and security at the same time, he has become pessimistic that Silicon Valley, left to its own devices, will get the balance right. ''The reality is that all the market power is going to be on the side of delivering the security, and there's no strong claim on the other side for delivering the privacy,'' he says. ''There's no court that will stand up and push the demand for heightened review for privacy, and there's no politician. And then you have Larry Ellison types riding in with the glow of the market. He's like a rich version of a North Korean dictator.''

Here, then, is the Catch-22 of the integrated databases that are being constructed in the wake of Sept. 11: the technologists want the politicians to decide the balance between privacy and security, but because the technology is so complicated and unfamiliar, very few politicians seem up to the task. I visited Maria Cantwell, the newly elected senator from the state of Washington and perhaps the most technologically savvy member of the Senate. (She complains that Congressional rules prohibit her from taking her BlackBerry wireless communicator onto the Senate floor but allow her to use a spittoon.) Cantwell learned about the importance of Internet privacy as an executive for RealNetworks, which markets one of the most popular Internet music players. In 1999, RealNetworks got into trouble when privacy advocates noticed that the player could send information to RealNetworks about the music each user downloaded. RealNetworks had the capability to match this data with a Globally Unique Identifier, or GUID, that exposed the user's identity. Although RealNetworks insisted that it had never, in fact, matched the music data with the GUID, the company was eager to avoid a public-relations disaster, and so it quickly disabled the GUID. The experience helped turn Cantwell into a crusader for privacy, but her time in the Senate has made her more pessimistic that her colleagues in Congress have the understanding or inclination to regulate technology in a meaningful way.

''What I don't think people realize is that we are just at the tip of the iceberg,'' she told me. ''I think they're trying to be prescriptive on some very basic things, not understanding the world that's yet to come. I try to explain some of the new technology to my colleagues'' -- by which she means her fellow senators. ''You're going to be able to be driving and say, 'Hey, take me to the nearest Starbucks,' and they all think that's great. And then I say, but it also might be stored in a database that may also be able to track where you were at 2 o'clock in the morning.''

Cantwell worries that her Senate colleagues are so swept up in the search for a technological solution to our security problems that regulating access to the databases isn't on their agenda. ''I mean, databases can become a threat in themselves if you don't think through the right safeguards,'' she said. ''People are getting enamored with the power of the technology and not thinking through the privacy issues and how they might apply.''

In the face of Congressional indifference and judicial passivity, it has fallen to the technologists to sort out the appropriate balance between liberty and security. But this is a challenge that the technologists are ill equipped -- by culture and temperament -- to meet.

The gonzo entrepreneurs of Silicon Valley like to think of themselves as antigovernment libertarians; the business nostrums of the precrash era assumed that the Internet would lead inevitably to the end of hierarchy and centralized authority and the flourishing of individual creativity. When the e-business technologies of tracking, classifying, profiling and monitoring were used to identify the preferences of American consumers and to mirror back to each of us a market-segmented version of ourselves, Silicon Valley could argue that it was serving the cause of freedom and individual choice. But when the same software applications are used by the government to track, classify, profile and monitor American citizens, they become not technologies of liberty but technologies of state surveillance and discrimination. They threaten the ability of Americans to define their identity in the future free from government predictions based on their behavior in the past. Far from leading inevitably to the end of centralized authority, the age of the Internet turns out to include powerful economic and political forces that are determined to centralize as much information about individuals as possible.

The technology for integrated databases already exists, waiting to be activated by the flip of a switch. In the wake of Sept. 11, few politicians or judges seem willing to keep the forces of centralization in check. And no one should count on the technologists to police themselves.

I had one last question for Larry Ellison. ''In 20 years, do you think the global database is going to exist, and will it be run by Oracle?'' I asked.

''I do think it will exist, and I think it is going to be an Oracle database,'' he replied. ''And we're going to track everything.''

Jeffrey Rosen is an associate professor at George Washington University Law School and the legal affairs editor of The New Republic. His last article for The Times Magazine was about the growth of surveillance.